I've separated the areas to new lines. Most of it is inputs and then there is the server port, their IP address, the script they accessed. Definitely looks like they were trying to use an exploit to access command line. But this is not the script they think it is.

3 Answers
3

Webservers get attacked all the time. Any given attack is trying to pick off a particular program.
If you write your software well and validate all your inputs, your system should be able to tolerate garbage like that and politely ignore it.
It's not like a DoS attack if it's only happening 3 times a day.
If you want to go nuts, you can write a script to scan the logs and, if you see a known pattern of attack, run a script to block the IP from getting to your webserver after N hits.

If all attacks originate from the same IP address, then you can use iptables to block that IP from accessing your server. You can have it do so temporarily or permanently by writing a script.
This solution presumes that you have root/sudo access to the server you are hosting on.
You can also explore Snort, which is pretty effective for known (and common) exploit payloads and strings.

In the end, nothing beats solid input validation when it comes to preventing common web-based attacks!
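A sketch of the log-scanning approach suggested in the answers above (count suspicious requests per client, then block with iptables after N hits), added here as an example and not code from any of the posters. The log lines, signature list, and function names are constructed assumptions; the script only prints the firewall commands so they can be reviewed before anyone runs them as root.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /cgi-bin/status?cmd=;cat+/etc/passwd HTTP/1.1" 404 162
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0
203.0.113.7 - - [10/Oct/2023:13:55:44 +0000] "GET /index.php?page=x%3Bid HTTP/1.1" 404 162
198.51.100.23 - - [10/Oct/2023:14:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.23 - - [10/Oct/2023:14:01:09 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0
192.0.2.10 - - [10/Oct/2023:14:05:00 +0000] "GET /about HTTP/1.1" 200 1024
not-an-ip;reboot - - [10/Oct/2023:14:06:00 +0000] "GET /../x HTTP/1.1" 400 0
"""

# Assumed signature set for illustration; tune it to what your own logs show.
SIGNATURES = [
    re.compile(r"\.\./"),                                   # path traversal
    re.compile(r"/etc/passwd"),                             # sensitive file probe
    re.compile(r"(?:;|%3B)\s*(?:cat|id|uname)\b", re.I),    # shell command chaining
]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')

def offenders(log_text, threshold):
    """Return sorted client IPs with at least `threshold` signature hits."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, request = m.groups()
        try:
            # Validate the field: log content is attacker-influenced and must
            # never reach a firewall command unless it parses as an address.
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue
        if any(sig.search(request) for sig in SIGNATURES):
            hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def block_commands(ips):
    """Build (not execute) one DROP rule per address, for review."""
    cmds = []
    for raw in ips:
        ip = ipaddress.ip_address(raw)
        tool = "iptables" if ip.version == 4 else "ip6tables"
        cmds.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return cmds

if __name__ == "__main__":
    print("\n".join(block_commands(offenders(SAMPLE_LOG, threshold=3))))
```
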